VERY IMPORTANT

Proofpoint researchers identified the return of Bumblebee malware to the cybercriminal threat landscape on February 8, 2024 after a four-month absence. Bumblebee is a sophisticated downloader used by multiple cybercriminal actors and was frequently used from its first appearance in March 2022 through October 2023. In the new campaign, emails targeted organizations in the US with OneDrive URLs leading to macro-enabled Word documents that downloaded and executed Bumblebee. This campaign is notably different from past Bumblebee campaigns that used varied techniques like HTML smuggling and password-protected scripts. At this time, Proofpoint does not attribute the activity, though tactics align with TA579. Bumblebee can facilitate follow-on ransomware payloads. Its return aligns with a surge in cybercriminal activity in early 2024 after a winter lull.